Internal Control Factors



Internal Control

Self-Assessment Checklist

Unit management throughout the University is responsible to establish internal controls to keep their unit on course toward its financial goals, to help it achieve its mission, to minimize surprises and risks, and to allow the organization to successfully deal with change. Internal controls are defined as activities undertaken to increase the likelihood of achieving management objectives in three areas:

• Efficiency and effectiveness of operations

• Reliability of financial reporting

• Compliance with laws and regulations

Some internal controls are established at the institutional level; others are established by unit management. To achieve success, unit management needs to (1) be knowledgeable about, and support, institutional controls, and (2) implement practical and effective internal controls specific to the particular unit.

The following checklist is provided to facilitate a self-assessment of internal controls by management of individual departments. It is intended to address general aspects of internal controls, and does not include specific controls applicable to individual units.

Organization of the checklist is consistent with the five interrelated components of internal control defined by the Committee of Sponsoring Organizations of the Treadway Commission (COSO).

We encourage department heads and other unit management to use this self-assessment checklist to evaluate internal controls in their areas of responsibility. Management should also add to the checklist other controls that apply specifically their units.

Internal Audit would be pleased to consult on methods to improve your internal controls.

Index

|1. Control Environment |3. Control Activities |

|Integrity and Ethical Values |Written Policies and Procedures |

|Commitment to Competence |Control Procedures |

|Management's Philosophy and Operating Style |Controls over Information Systems |

|Organizational Structure |4. Information and Communication |

|Assignment of Authority and Responsibility |Access to Information |

|Human Resource Policies and Practices |Communication Patterns |

|2. Risk Assessment |5. Monitoring |

|Organizational Goals and Objectives |Management Supervision |

|Risk Identification and Prioritization |Outside Sources |

|Managing Change |Response Mechanisms |

| |Self-Assessment Mechanisms |

|Assessment Factor |Indication of Stronger Controls |Indication of Weaker Controls |Assessment |

|Strong - Weak |

| |1 |2 |3 |4 |5 |

|Section 1 – Control Environment |

|1 - Integrity and Ethical Values |

|1.1 Acceptable business practices. |

|2.1 Job descriptions. |

|3.1 Communication with Faculty, College and University. |

|4.1 Complexity of the organizational structure. |

|5.1 Delegation of authority and assignment of responsibility for operating and financial functions. |

|6.1 Selection of personnel. |

|7 – Organizational Goals and Objectives |

|7.1 Unit-wide objectives. |

|8.1 Identification and consideration of external risk factors. |

|9.1 Commitment to change. |

|10 – Written Policies and Procedures |

|10.1 Access to University policies and procedures. |

|11.1 Senior management (University or College) reviews. |

|12.1 Local information systems and LANs. |System operations are documented; software is appropriately |Inadequate controls over local information systems or LANs. | |

| |acquired and maintained; access to the system, programs and | | |

| |data is controlled; the system is maintained in a secure | | |

| |environment; applications are appropriately developed and | | |

| |maintained. | | |

|Strong - Weak |

| |1 |2 |3 |4 |5 |

|Section 4 – Information and Communication |

|13 – Access to Information |

|13.1 Relevant external information. |

|14.1 Trust. |

|15 – Management Supervision |

|15.1 Effectiveness of key control activities. |

|16.1 Industry and professional associations. |

|17.1 Management follow-up of violations of policies. |

18.1 Monitoring of control environment. |Management periodically assesses employee attitudes, reviews the effectiveness of the organization structure, and evaluates the appropriateness of policies and procedures. |Assessment processes do not exist. | | | | | | |18.2 Evaluation of risk assessment process. |Management periodically evaluates the effectiveness of its risk assessment process. |Assessment processes do not exist. | | | | | | |18.3 Assessment of design and effectiveness of internal controls. |Internal controls are subject to a formal and continuous internal assessment process. |Assessment processes do not exist. | | | | | | |18.4 Evaluation of information and communication systems. |Management periodically evaluates the accuracy, timeliness and relevance of its information and communication systems. Management questions information on management reports that appears unusual or inconsistent. |Assessment process does not exist. | | | | | | |

................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download